Unless otherwise indicated herein, approaches described in this section are not prior art to the claims listed below and are not admitted to be prior art by inclusion in this section.
There is a vulnerability in the specifications of the 3rd Generation Partnership Project (3GPP) in that a denial of service attack against mobile terminals (herein interchangeably referred to as user equipment (UE)) from a fraudulent/rogue network is possible due to a lack of ability to perform mutual authentication and integrity protection. Therefore, the UE cannot, in every case, be sure about the reliability of the network that it is accessing or attempting to access. One way to verify the reliability is a mutual authentication procedure, but this may not be possible. For instance, when the Subscriber Identity Module (SIM) card of the UE is indeed invalid, or when the network cannot access the subscriber's Home Public Land Mobile Network (HPLMN), mutual authentication is not a viable option. Thus, in some cases, rejects received from a network cannot be trusted.
In certain cases, where a Universal Subscriber Identity Module (USIM) is indeed valid, a fraudulent network element may send non-integrity-protected reject message(s) with a certain reject cause to the UE and, upon reception of that reject cause, the UE shall consider the USIM invalid. This means that the UE, even with a valid USIM, can be put out of service by the fraudulent network element. Under one approach, an attempt to correct this problem was that the UE is never to consider the USIM permanently invalid if the reject was received without integrity protection. However, this approach may cause even more serious problems in cases where a UE equipped with an invalid USIM does not obey the reject from the network element but, rather, keeps on attempting to obtain service, thereby causing unnecessary signaling towards the network until the UE's battery dies. With certain other reject causes received from a fraudulent network element, a UE with a valid USIM shall consider that it is not able to obtain service from the networks even though, based on its subscription, it should be able to.
Under another approach, an existing timer (e.g., timer T3245) or a new timer (e.g., timer T3445) may be utilized to account for a “back-off” time. The timer would be started if an unauthenticated reject cause is received. The UE would be completely blocked for a period of time from 15 minutes to 48 hours. If a fatal cause is received, and in case of less fatal cause(s), the Public Land Mobile Network (PLMN) may be forbidden until the timer has expired. If a fraudulent/rogue cell pretends to be a cell from the HPLMN, the UE would continue its attempts to establish communication sessions with this fraudulent/rogue cell. The least fatal values may keep the UE on the cell and restrict the UE from selecting any other cell or PLMN. A real HPLMN would authenticate the UE, but the fraudulent/rogue cell would not. Also, at the expiry of the timer, the UE may still select the same cell again (a rogue cell, although the UE does not know this), and the UE may not be able to select other cell(s).
A different approach follows the existing cell barring mechanism so that a fraudulent/rogue cell can be barred for a period of time such as 5 minutes. During this barring time, the UE may be able to select another suitable cell, and the fraudulent/rogue cell is excluded from being a candidate for the cell selection and re-selection procedure. However, it is possible that the UE may return to the fraudulent/rogue cell because the fraudulent/rogue cell regains the status of a suitable cell for selection/re-selection at the end of the barring time. If the denial of service is well mounted, the UE may again bar the fraudulent/rogue cell and the above process repeats. This “ping-ponging” issue may happen when the UE returns to the fraudulent/rogue cell at every expiry of the 5-minute barring time.
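The ping-ponging described above can be reproduced with a small simulation, added here as an illustration and not part of the original text. It assumes a UE that always camps on the strongest non-barred cell and a rogue cell that answers every attempt with a non-integrity-protected reject; the cell names and signal levels are constructed.

```python
from dataclasses import dataclass

BAR_MINUTES = 5  # barring time given as the example value in the text

@dataclass
class Cell:
    name: str            # constructed cell name
    signal_dbm: float    # constructed signal level
    rogue: bool = False  # assumption: a rogue cell rejects every attempt unprotected

def simulate(cells, duration_min, bar_minutes=BAR_MINUTES):
    """Step a UE minute by minute; return (minutes with a reject, minutes served)."""
    if bar_minutes <= 0:
        raise ValueError("bar_minutes must be positive")
    barred_until = {}  # cell name -> minute at which the barring ends
    rejects_at, served = [], 0
    for minute in range(duration_min):
        while True:
            candidates = [c for c in cells if barred_until.get(c.name, 0) <= minute]
            if not candidates:
                break  # every cell is barred: no service this minute
            best = max(candidates, key=lambda c: c.signal_dbm)
            if not best.rogue:
                served += 1  # camped on a cell that completes authentication
                break
            # Non-integrity-protected reject: bar the cell, then reselect.
            barred_until[best.name] = minute + bar_minutes
            rejects_at.append(minute)
    return rejects_at, served

# Constructed scenario: the rogue cell is the strongest one the UE can hear.
SAMPLE_CELLS = [Cell("rogue-A", -70.0, rogue=True), Cell("legit-B", -95.0)]

if __name__ == "__main__":
    rejects_at, served = simulate(SAMPLE_CELLS, 30)
    print("rejects at minutes:", rejects_at)
    print("minutes with service:", served)
```

In the sample scenario the UE is served throughout by the second cell, yet it still returns to the rogue cell once per barring period; with no other suitable cell in range it obtains no service at all.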
Under yet another approach, when the SIM is indeed invalid, authentication is not possible and the network would send non-integrity-protected reject(s). However, under this approach, the UE would not consider the SIM invalid and, instead, would start a timer and attempt the procedure again and again.